On September 14, 2004 09:32 am, Eric Geater 9/01/04 wrote:
> I have one crazy machine at our home office that must communicate on
> port 6847 to an outside company. This one machine went through our old
> proxy server until it died last week. We're using IPTABLES through
> rc.firewall-2.4 on a Linux proxy, but it doesn't seem to be allowing
> this communication to occur.
>
> Would this be handled through port forwarding or NAT? I was under the
> impression that our firewall was set up to allow all traffic, initiated
> from the LAN, through. This apparently isn't the case, however.
>
> Eric

Not knowing what the application that is communicating in this manner is will make suggestions likely off the mark.

If you are using the proxy server to handle *outgoing* connections using its INSIDE IP address, you need to accept packets from the LAN in the INPUT chain, coming to the proxy. You will then need to let packets OUT from the proxy to the internet through the OUTPUT chain. You might well get away with appropriate ESTABLISHED, RELATED rules to allow traffic back, but it is possible that you will require additional rules to let traffic in from the other end. I would hope that the proxy is smart enough to handle NATting the packets to the outside IP.

If the proxy is accepting connections from the internet and proxying them to the LAN, you need to accept packets from the other end in via INPUT and allow packets to the internal box through OUTPUT; again, an appropriate ESTABLISHED, RELATED rule *should* handle traffic on the return trip.

Since it sounds like the proxy and firewall are the same box, the FORWARD chain isn't likely to be involved here. Thus letting all traffic from the LAN through to the internet will not work here. You have to let the traffic from the LAN client INTO the firewall to get to the proxy.

Alistair Tonner